US20120266212A1 - Apparatus and method for authenticating smart card - Google Patents
- Publication number
- US20120266212A1 (US13/258,346)
- Authority
- US
- United States
- Prior art keywords
- smart card
- module
- authentication
- screader
- terminal device
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W12/068—Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
Definitions
- ATR Answer to Request
- IMSI International Mobile Subscriber Identifier
- SCReader Smart Card Reader
- CK Ciphering Key
- SRES Signature Response
- CCID Chip Smart Card Interface Device
- USB Universal Serial Bus
- the terminal device is further configured to receive the authentication request, to perform the authentication operation according to the random number, and to send the operation result to the smart card authentication service module 102 through the SCReader drive module 104 and the pcscd service module 103 ; wherein the operation result includes the CK and the SRES; and
- the network server is configured to receive the authentication request, then to determine the type of the smart card according to the IMSI, to perform the corresponding authentication algorithm, and to return the operation result to the smart card authentication service module 102 .
- Step S201: The smart card authentication service module sends an initialization command to the SCReader drive module to initialize the smart card in the terminal device.
- the subscriber selects a corresponding authentication manner by the subscriber interface module according to the type of the inserted smart card, for example, a 2G smart card corresponds to a 2G authentication manner; the subscriber interface module sends an authentication manner selection indication to the smart card authentication service module; the smart card authentication service module selects a data transmission protocol type corresponding to the smart card, and sends the data transmission protocol type to the SCReader drive module through the pcscd service module; the SCReader drive module encapsulates and sends the data transmission protocol type to the terminal device through the virtual serial port drive module so as to notify the terminal device to transmit data according to the data transmission protocol of the corresponding type, and the initialization is completed.
- the data transmission protocol type for the smart card authentication service module can be expanded according to demands of the subscriber in order to implement the authentication of multiple kinds of smart cards.
- Step S202: After the initialization, the smart card authentication service module sends an authentication request to the network side and the terminal device through the SCReader drive module.
- the smart card authentication service module sends the random number, the IMSI and the authentication request to the network server at the network side; the authentication request can be either synchronously sent with the authentication request sent to the terminal device, or sent separately, which is determined by the subscriber according to different requirements; the network server, after receiving the random number and the IMSI, determines the type of the smart card according to the IMSI, then performs the corresponding authentication operation and returns the operation result to the smart card authentication service module.
- Step S204: If the operation results are identical, the authentication of the smart card is passed, the results are returned to the subscriber interface module, and the flow is ended.
Abstract
Description
- The disclosure relates to the field of mobile communications and computers, particularly to an apparatus and a method for authenticating a smart card.
- Nowadays, with the explosive development of global information, more requirements are placed on wireless data terminal equipment; and the access and operation of a smart card, particularly a Subscriber Identity Module (SIM) and a Universal Subscriber Identity Module (USIM), are more and more popular, thus the authentication of the smart card is more and more urgent. There are some solutions for authenticating a smart card in a Windows operating system, but there are fewer authentication methods for an Apple operating system; therefore, the development of related products is limited to a great extent.
- For global computer subscribers, the Apple operating system has a large share in the market, and more and more devices for authenticating the smart card need to be implemented in devices in the Apple operating system, so a method for authenticating a smart card in the Apple operating system is needed.
- However, due to the difference between the operating systems, if the method for authenticating the smart card in the Windows operating system is directly applied to the Apple operating system, it is necessary to rewrite a set of drivers for accessing the smart card in the Apple operating system, which has a large workload and is very complicated; therefore, a solution for authenticating the smart card needs to be designed according to characteristics of the Apple operating system.
- In view of this, the main objective of the disclosure is to provide an apparatus and a method for authenticating a smart card, which use an original module in an Apple computer, so as to reduce the workload, implement authenticating multiple smart cards, and also obtain high compatibility.
- In order to achieve the objective above, the technical solution of the disclosure is implemented as follows.
- The disclosure provides an apparatus for authenticating a smart card, which is configured to connect a terminal device and a network server which have authentication operation functions, and includes: a smart card authentication service module, a Smart Card Reader (SCReader) drive module, a Personnel Computer Smart Card Drive (pcscd) service module and a virtual serial port drive module, wherein the smart card authentication service module is configured to send an initialization command to the SCReader drive module, to send an authentication request to the terminal device and the network server, and to compare smart card authentication operation results received from the network server and the terminal device; when the results are identical to each other, the authentication of the smart card is passed;
- the SCReader drive module is configured to receive the initialization command from the smart card authentication service module and to send the authentication operation result from the terminal device to the smart card authentication service module;
- the pcscd service module is configured to provide a data transmission interface for the smart card authentication service module and to send data to the virtual serial port drive module through the SCReader drive module; and
- the virtual serial port drive module is configured to transmit data between the terminal device and the SCReader drive module.
- The SCReader drive module may be specifically configured to receive the initialization command from the smart card authentication service module, to send a slot acquisition command to the terminal device through the virtual serial port drive module, to receive a slot number from the terminal device, then to send a power-on command to the terminal device, to send an Answer to Request (ATR) command returned by the terminal device to the smart card authentication service module, to receive a data transmission protocol type from the smart card authentication service module, and to encapsulate and then send the data transmission protocol type to the terminal device; and the smart card authentication service module may be specifically configured to receive the ATR command from the SCReader drive module, then to determine that the power-on is completed according to a definition of the power-on return value ATR in the smart card protocol, to select the data transmission protocol type corresponding to the smart card, and to send the data transmission protocol type to the SCReader drive module through the pcscd service module.
- The smart card authentication service module may be further configured to send an information acquisition command to the SCReader drive module and to receive and store an International Mobile Subscriber Identifier (IMSI) from the SCReader drive module; and the SCReader drive module may be further configured to encapsulate and send the information acquisition command to the terminal device through the virtual serial port drive module, and to receive the IMSI from the terminal device.
- The apparatus may further comprise: a subscriber interface module, configured to provide an operation interface for a subscriber, to send the initialization command to the smart card authentication service module, to send an authentication manner selection indication to the smart card authentication service module after being successfully powered on, to send an information acquisition command to the smart card authentication service module, and to send the authentication request to the smart card authentication service module.
- The subscriber interface module may be specifically configured to send the authentication request; the smart card authentication service module may be further configured to receive the authentication request from the subscriber interface module, then to generate a random number and send the random number and authentication request to the SCReader drive module, and to send an IMSI, the random number and the authentication request to the network server to request the network server to perform the authentication operation; and the SCReader drive module may be further configured to encapsulate and send the random number and the authentication request to the terminal device to request the terminal device to perform the authentication operation.
- The disclosure further provides a method for authenticating a smart card, which comprises:
- initializing the smart card in a terminal device;
- performing an authentication operation on the smart card by a network server and the terminal device respectively; and
- comparing the authentication operation results returned by the network server and the terminal device,
- wherein the authentication of the smart card is passed when the results are identical to each other.
- The initializing the smart card in the terminal device may comprise: a Smart Card Reader (SCReader) drive module receiving the initialization command and then sending a slot acquisition command to the terminal device through a virtual serial port drive module; the terminal device returning a slot number in which the smart card is inserted to the SCReader drive module; the SCReader drive module receiving the slot number and then sending a power-on command to the terminal device through the virtual serial port drive; the terminal device, after being powered on, returning an Answer to Request (ATR) command to the SCReader drive module; the SCReader drive module sending the ATR command to the smart card authentication service module; the smart card authentication service module determining that the power-on is completed according to the ATR command; the smart card authentication service module selecting and sending a data transmission protocol type corresponding to the smart card to the SCReader drive module through a Personnel Computer Smart Card Drive (pcscd) service module; and the SCReader drive module encapsulating and sending the data transmission protocol type to the terminal device.
- The method may further comprise: after the smart card in the terminal device is initialized, the smart card authentication service module receiving an information acquisition command from a subscriber interface module and sending the information acquisition command to the SCReader drive module; the SCReader drive module encapsulating and then sending the information acquisition command to the terminal device; the terminal device receiving the information acquisition command, then sending an IMSI of the smart card to the smart card authentication service module through the SCReader drive module, and storing the IMSI.
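The initialization steps above (slot query, power-on, ATR check, protocol selection) can be illustrated with CCID framing, the protocol the page names for the terminal device. This is an added example, not code from the patent: mapping the steps to the CCID messages GetSlotStatus, IccPowerOn and SetParameters, the default parameter blocks, the function names and the sample ATR are all assumptions.

```python
import struct
from typing import List

# Message types defined by the USB CCID class specification.
PC_TO_RDR_SET_PARAMETERS = 0x61
PC_TO_RDR_ICC_POWER_ON = 0x62
PC_TO_RDR_GET_SLOT_STATUS = 0x65
RDR_TO_PC_DATA_BLOCK = 0x80

# Commonly used default protocol parameter blocks (assumed, not from the page).
DEFAULT_PARAMS = {
    0: bytes([0x11, 0x00, 0x00, 0x0A, 0x00]),              # T=0
    1: bytes([0x11, 0x10, 0x00, 0x4D, 0x00, 0x20, 0x00]),  # T=1
}


def ccid_frame(msg_type: int, slot: int, seq: int, payload: bytes = b"",
               specific: bytes = b"\x00\x00\x00") -> bytes:
    """Encapsulate a payload behind the 10-byte CCID bulk message header."""
    return struct.pack("<BIBB3s", msg_type, len(payload), slot, seq & 0xFF,
                       specific) + payload


def ccid_parse(frame: bytes) -> dict:
    """Split a reader-to-host CCID message and check its declared length."""
    if len(frame) < 10:
        raise ValueError("CCID frame shorter than its header")
    msg_type, length, slot, seq, status, error, extra = struct.unpack_from(
        "<BIBBBBB", frame)
    payload = frame[10:]
    if len(payload) != length:
        raise ValueError("CCID dwLength does not match payload size")
    return {"type": msg_type, "slot": slot, "seq": seq, "status": status,
            "error": error, "extra": extra, "payload": payload}


def atr_protocols(atr: bytes) -> List[int]:
    """Return the transmission protocols (T values) an ATR offers, in order."""
    if len(atr) < 2 or atr[0] not in (0x3B, 0x3F):
        raise ValueError("not an ATR: bad TS byte")
    y, hist_len = atr[1] >> 4, atr[1] & 0x0F
    pos, protocols, needs_tck = 2, [], False
    while y:
        td = None
        for bit in (0x1, 0x2, 0x4, 0x8):       # TAi, TBi, TCi, TDi present?
            if y & bit:
                if pos >= len(atr):
                    raise ValueError("ATR truncated in interface bytes")
                if bit == 0x8:
                    td = atr[pos]
                pos += 1
        if td is None:
            break
        t = td & 0x0F
        needs_tck = needs_tck or t != 0
        if t != 15 and t not in protocols:      # T=15 marks global bytes only
            protocols.append(t)
        y = td >> 4
    if len(atr) != pos + hist_len + (1 if needs_tck else 0):
        raise ValueError("ATR length inconsistent with T0/TDi")
    if needs_tck:
        check = 0
        for b in atr[1:]:
            check ^= b
        if check != 0:
            raise ValueError("ATR checksum (TCK) mismatch")
    return protocols or [0]                     # no TD1 means T=0


def init_requests(slot: int) -> List[bytes]:
    """Host-side frames for the slot query and the power-on step."""
    return [ccid_frame(PC_TO_RDR_GET_SLOT_STATUS, slot, 0),
            ccid_frame(PC_TO_RDR_ICC_POWER_ON, slot, 1)]


def protocol_selection_frame(power_on_reply: bytes, seq: int) -> bytes:
    """Check the power-on reply, read its ATR, and frame the protocol choice."""
    reply = ccid_parse(power_on_reply)
    if reply["type"] != RDR_TO_PC_DATA_BLOCK:
        raise ValueError("unexpected reply to power-on")
    if reply["status"] >> 6:                    # bmCommandStatus != 0
        raise ValueError("power-on failed, bError=0x%02X" % reply["error"])
    protocol = atr_protocols(reply["payload"])[0]
    if protocol not in DEFAULT_PARAMS:
        raise ValueError("unsupported protocol T=%d" % protocol)
    return ccid_frame(PC_TO_RDR_SET_PARAMETERS, reply["slot"], seq,
                      DEFAULT_PARAMS[protocol], bytes([protocol, 0, 0]))


# Constructed power-on reply carrying a constructed ATR that offers T=1.
SAMPLE_ATR_T1 = bytes.fromhex("3B800181")
SAMPLE_REPLY = ccid_frame(RDR_TO_PC_DATA_BLOCK, 0, 1, SAMPLE_ATR_T1)

if __name__ == "__main__":
    for request in init_requests(0):
        print(request.hex())
    print(protocol_selection_frame(SAMPLE_REPLY, 2).hex())
```

Rejecting a reply whose length field, status byte or ATR checksum is inconsistent keeps a malformed or truncated serial-port read from being treated as a successful power-on.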
- The performing the authentication operation on the smart card by the network server and terminal device may comprise: the smart card authentication service module receiving an authentication request from the subscriber interface module, generating a random number and sending the random number and the authentication request to the SCReader drive module; the SCReader drive module encapsulating and then sending the random number and the authentication request to the terminal device; the terminal device performing the authentication operation according to the random number, sending an operation result to the smart card authentication service module through the SCReader drive module, and sending the random number, the IMSI and the authentication request to the network server; and the network server determining a type of the smart card according to the IMSI, performing the corresponding authentication operation on the smart card and sending an operation result to the smart card authentication service module.
- Consequently, the apparatus and method for authenticating the smart card have the following advantages:
- 1: based on the existing virtual serial port drive module in the Apple computer, it is only necessary to construct the SCReader drive module and the smart card authentication service module, so that the original modules are well reused and the workload of the disclosure is reduced;
- 2: the smart card authentication service module and the SCReader drive module can select the data transmission protocols of multiple kinds of smart cards, so that the apparatus and method have high compatibility and are easy to expand and widely applied;
- 3: data transmission and the driving function of the smart card are respectively implemented by the virtual serial port drive module and the SCReader drive module; and the function separation degree is high; and
- 4: the characteristics of the Apple operating system are fully used; the smart card authentication service module and the SCReader drive module are connected by the interface of the pcscd service module; then the smart card authentication service module sends data to the SCReader drive module by the interface of the pcscd service module; and such constructed device has little change on the original operating system, high stability, high fault tolerance and low complexity.
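The authentication method summarized above (a fresh random number sent to both the terminal device and the network server, then a comparison of the returned SRES and CK) is simulated below. This is an added example, not code from the patent: HMAC-SHA256 stands in for the card algorithm, which the page does not name, and the class names, result sizes, IMSI and key are constructed assumptions.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

SRES_LEN, CK_LEN = 4, 8          # assumed sizes; the page only names SRES and CK
SAMPLE_IMSI = "001010123456789"  # constructed test IMSI
SAMPLE_KI = bytes(range(16))     # constructed subscriber key


def auth_operation(ki: bytes, rand: bytes) -> Tuple[bytes, bytes]:
    """Stand-in for the card algorithm (HMAC-SHA256, not a real SIM algorithm)."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:SRES_LEN], digest[SRES_LEN:SRES_LEN + CK_LEN]


class TerminalDevice:
    """Terminal holding the inserted card; the key never leaves this object."""

    def __init__(self, imsi: str, ki: bytes):
        self._imsi, self._ki = imsi, ki

    def get_imsi(self) -> str:
        return self._imsi

    def authenticate(self, rand: bytes) -> Tuple[bytes, bytes]:
        return auth_operation(self._ki, rand)


class ReplayingTerminal(TerminalDevice):
    """Faulty terminal that keeps returning the first result it computed."""

    def __init__(self, imsi: str, ki: bytes):
        super().__init__(imsi, ki)
        self._cached = None

    def authenticate(self, rand: bytes) -> Tuple[bytes, bytes]:
        if self._cached is None:
            self._cached = super().authenticate(rand)
        return self._cached


class NetworkServer:
    """Server side: looks up the subscriber key by IMSI and runs the same operation."""

    def __init__(self, subscribers: Dict[str, bytes]):
        self._subscribers = subscribers

    def authenticate(self, imsi: str, rand: bytes) -> Optional[Tuple[bytes, bytes]]:
        ki = self._subscribers.get(imsi)
        return None if ki is None else auth_operation(ki, rand)


class SmartCardAuthService:
    """Generates the random number, queries both sides, compares the results."""

    def __init__(self, terminal: TerminalDevice, server: NetworkServer):
        self.terminal, self.server = terminal, server

    def authenticate(self) -> bool:
        imsi = self.terminal.get_imsi()
        rand = secrets.token_bytes(16)   # fresh CSPRNG challenge per request
        card_result = self.terminal.authenticate(rand)
        server_result = self.server.authenticate(imsi, rand)
        if server_result is None:        # unknown subscriber: fail closed
            return False
        # Constant-time comparison of SRES || CK from both sides.
        return hmac.compare_digest(b"".join(card_result), b"".join(server_result))


if __name__ == "__main__":
    server = NetworkServer({SAMPLE_IMSI: SAMPLE_KI})
    genuine = SmartCardAuthService(TerminalDevice(SAMPLE_IMSI, SAMPLE_KI), server)
    wrong_key = SmartCardAuthService(TerminalDevice(SAMPLE_IMSI, b"\xff" * 16), server)
    print("genuine card:", genuine.authenticate())
    print("card with wrong key:", wrong_key.authenticate())
```

The `ReplayingTerminal` case shows why the random number must be fresh for every request: a result recorded from an earlier run no longer matches what the server computes for the new challenge.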
- FIG. 1 is a structure diagram of a device for authenticating a smart card in the disclosure; and
- FIG. 2 is a flowchart of a method for authenticating a smart card in the disclosure.
- The basic idea of the disclosure is: a smart card authentication service module sends an initialization command to initialize a terminal device; after the initialization, the smart card authentication service module sends an authentication request to a network server and the terminal device, and compares smart card authentication operation results received from the network server and the terminal device; when the authentication results are identical to each other, the authentication of the smart card is passed.
- The terminal device refers to a device in which a smart card is inserted, has an authentication operation function, and is connected to a computer in a wireless or wired manner.
- The disclosure is further described below with reference to one preferred embodiment in detail, as shown in FIG. 1:
- the disclosure provides an apparatus for authenticating a smart card, which comprises: a smart card authentication service module 102, a Personnel Computer Smart Card Drive (pcscd) service module 103, a Smart Card Reader (SCReader) drive module 104 and a virtual serial port drive module 105, wherein
- the smart card authentication service module 102 is configured to send an initialization command to the SCReader drive module 104 by the pcscd service module 103, to perform authentication operation by a terminal device and a network server, and to compare authentication operation results received from the network server and terminal device; when the authentication results are identical to each other, the authentication of the smart card is passed; wherein the operation result includes a Ciphering Key (CK) and a Signature Response (SRES);
- the SCReader drive module 104 is configured to receive the initialization command from the smart card authentication service module 102, so as to initialize the smart card in the terminal device, and to send the authentication operation result from the terminal device to the smart card authentication service module;
- the pcscd service module 103 is configured to provide a data transmission interface of the smart card authentication service module 102, and to send data to the virtual serial port drive module 105 through the SCReader drive module 104; and
- the virtual serial port drive module 105 is configured to transmit data between the SCReader drive module 104 and the terminal device.
- The SCReader drive module 104 is specifically configured to receive the initialization command from the smart card authentication service module 102, to send a slot acquisition command to the terminal device through the virtual serial port drive module 105, to receive a slot number from the terminal device, then to send a power-on command to the terminal device, to send an Answer to Request (ATR) command returned by the terminal device to the smart card authentication service module 102, to receive a data transmission protocol type from the smart card authentication service module 102, and to encapsulate and then send the data transmission protocol type to the terminal device; the terminal device can only identify data of a Chip Smart Card Interface Device (CCID) protocol of a Universal Serial Bus (USB), thus the encapsulation is configured to convert data into the data which can be identified by the CCID protocol;
- the terminal device is configured to receive the slot acquisition command from the SCReader drive module 104, to send the slot number, in which the smart card is inserted, to the SCReader drive module 104, to receive the power-on command from the SCReader drive module 104, then to return the ATR command, wherein the numerical value in the ATR command represents a power-on result; and to receive the data transmission protocol from the SCReader drive module 104; and
- the smart card authentication service module 102 is specifically configured to receive the ATR command from the SCReader drive module 104, then to determine that the power-on is completed according to a definition of the power-on return value ATR in the smart card protocol; after the power-on is successful, to select the data transmission protocol type corresponding to the smart card, and to send the data transmission protocol type to the SCReader drive module 104 through the pcscd service module 103.
- The smart card authentication service module 102 is further configured to send an information acquisition command to the SCReader drive module 104, and to receive and store an International Mobile Subscriber Identifier (IMSI) from the SCReader drive module 104; and
- the SCReader drive module 104 is further configured to encapsulate and send the information acquisition command to the terminal device through the virtual serial port drive module 105, and to receive the IMSI from the terminal device; and
- the terminal device receives the information acquisition command and then returns the IMSI to the SCReader drive module 104.
- The apparatus further comprises:
- a subscriber interface module 101, configured to provide an operation interface for a subscriber, to send the initialization command to the smart card authentication service module 102, to send an authentication manner selection indication to the smart card authentication service module 102 after being successfully powered on (i.e., selecting the data transmission protocol type corresponding to the smart card), and to send an information acquisition command to the smart card authentication service module 102, and to send the authentication request to the smart card authentication service module 102.
- The subscriber interface module 101 is specifically configured to send the authentication request;
- the smart card authentication service module 102 is further configured to receive the authentication request from the subscriber interface module 101, then to generate a random number by a random number algorithm according to data protocols of different smart cards, to send the random number and the authentication request to the SCReader drive module 104, and to send the IMSI, the random number and the authentication request to the network server; and
- the
SCReader drive module 104 is further configured to encapsulate and send the random number and the authentication request to the terminal device. - The terminal device is further configured to receive the authentication request, to perform the authentication operation according to the random number, and to send the operation result to the smart card
authentication service module 102 through theSCReader drive module 104 and thepcscd service module 103; wherein the operation result includes the CK and the SRES; and - the network server is configured to receive the authentication request, then to determine the type of the smart card according to the IMSI, to perform the corresponding authentication algorithm, and to return the operation result to the smart card
authentication service module 102. - The disclosure further provides a method for authenticating a smart card, as shown in
FIG. 2 . - Step S201: The smart card authentication service module sends an initialization command to the SCReader drive module to initialize the smart card in the terminal device.
- A subscriber selects an initialization function through the subscriber interface module; the subscriber interface module sends a smart card initialization command to the smart card authentication service module; and the smart card authentication service module sends the smart card initialization command to the SCReader drive module through the pcscd service module.
- The SCReader drive module receives the initialization command, and then sends a slot acquisition command to the terminal device through the virtual serial port drive module; after receiving the slot acquisition command, the terminal device sends a slot number, in which the smart card is inserted, to the SCReader drive module.
- After receiving the slot number of the smart card, the SCReader drive module sends a power-on command to a slot, in which the smart card is inserted, in the terminal device through the virtual serial port drive module according to the slot number; the terminal device completes the power-on operation, and returns an ATR command to the SCReader drive module through the virtual serial port drive module, wherein the numerical value in the ATR command represents the power-on result; the SCReader drive module sends the ATR command to the smart card authentication service module; the smart card authentication service module determines that the power-on is completed according to a definition of the power-on return value ATR in the smart card protocol, and sends the data transmission protocol type to the subscriber interface module.
- After the power-on is successful, the subscriber selects a corresponding authentication manner by the subscriber interface module according to the type of the inserted smart card, for example, a 2G smart card corresponds to a 2G authentication manner; the subscriber interface module sends an authentication manner selection indication to the smart card authentication service module; the smart card authentication service module selects a data transmission protocol type corresponding to the smart card, and sends the data transmission protocol type to the SCReader drive module through the pcscd service module; the SCReader drive module encapsulates and sends the data transmission protocol type to the terminal device through the virtual serial port drive module so as to notify the terminal device to transmit data according to the data transmission protocol of the corresponding type, and the initialization is completed.
- The data transmission protocol type for the smart card authentication service module can be expanded according to demands of the subscriber in order to implement the authentication of multiple kinds of smart cards.
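The slot query, power-on and ATR check of step S201 can be sketched as follows. This is an added example, not code from the patent: it assumes the patent's "slot acquisition" and "power-on" commands map to the standard CCID messages PC_to_RDR_GetSlotStatus and PC_to_RDR_IccPowerOn, and `fake_terminal`, `SAMPLE_ATR` and `MAX_DATA` are constructed for the demonstration.

```python
import struct

# Message types from the USB CCID specification.
PC_TO_RDR_ICC_POWER_ON = 0x62
PC_TO_RDR_GET_SLOT_STATUS = 0x65
RDR_TO_PC_DATA_BLOCK = 0x80
RDR_TO_PC_SLOT_STATUS = 0x81

# 10-byte CCID header: bMessageType, dwLength (little-endian), bSlot, bSeq,
# then three message-specific bytes (bStatus, bError, ... in responses).
HEADER = struct.Struct("<BIBB3s")
MAX_DATA = 261  # assumed cap on payload size for this example

# Constructed ATR for the demo (TS=0x3B, T0=0x02, two historical bytes).
SAMPLE_ATR = bytes.fromhex("3b021450")


class CcidError(ValueError):
    """Raised when a frame from the terminal device fails validation."""


def encapsulate(msg_type, slot, seq, specific=b"\x00\x00\x00", data=b""):
    """Wrap data in a CCID header so the terminal device can identify it."""
    if len(specific) != 3:
        raise CcidError("message-specific field must be 3 bytes")
    return HEADER.pack(msg_type, len(data), slot, seq & 0xFF, specific) + data


def parse_response(frame, expect_type, slot, seq):
    """Validate a response frame and return its payload."""
    if len(frame) < HEADER.size:
        raise CcidError("frame shorter than CCID header")
    msg_type, length, r_slot, r_seq, specific = HEADER.unpack_from(frame)
    if msg_type != expect_type:
        raise CcidError(f"unexpected message type 0x{msg_type:02x}")
    if (r_slot, r_seq) != (slot, seq & 0xFF):
        raise CcidError("slot or sequence number does not match the request")
    if length > MAX_DATA or length != len(frame) - HEADER.size:
        raise CcidError("dwLength disagrees with the bytes actually received")
    status, error = specific[0], specific[1]
    if status >> 6:          # bmCommandStatus: non-zero is failed or time extension
        raise CcidError(f"command not completed, bError=0x{error:02x}")
    if status & 0x03 == 2:   # bmICCStatus: 2 means no card in the slot
        raise CcidError("no card present")
    return frame[HEADER.size:]


def check_atr(atr):
    """Accept the power-on result only if it is a plausible ATR."""
    if not 2 <= len(atr) <= 33 or atr[0] not in (0x3B, 0x3F):
        raise CcidError("power-on did not return a valid ATR")
    return atr


def initialize(transport, slot=0):
    """Slot query, then power-on; returns the validated ATR."""
    seq = 0
    request = encapsulate(PC_TO_RDR_GET_SLOT_STATUS, slot, seq)
    parse_response(transport(request), RDR_TO_PC_SLOT_STATUS, slot, seq)
    seq += 1
    request = encapsulate(PC_TO_RDR_ICC_POWER_ON, slot, seq)
    atr = parse_response(transport(request), RDR_TO_PC_DATA_BLOCK, slot, seq)
    return check_atr(atr)


def fake_terminal(frame):
    """Constructed stand-in for the terminal device behind the serial port."""
    msg_type, _, slot, seq, _ = HEADER.unpack_from(frame)
    if msg_type == PC_TO_RDR_GET_SLOT_STATUS:
        # bStatus 0x01: card present, not yet powered
        return encapsulate(RDR_TO_PC_SLOT_STATUS, slot, seq, b"\x01\x00\x00")
    if msg_type == PC_TO_RDR_ICC_POWER_ON:
        return encapsulate(RDR_TO_PC_DATA_BLOCK, slot, seq, data=SAMPLE_ATR)
    return encapsulate(RDR_TO_PC_SLOT_STATUS, slot, seq, b"\x40\x00\x00")


if __name__ == "__main__":
    print("ATR:", initialize(fake_terminal).hex())
```

The driver treats every frame from the serial link as untrusted: the length field, slot, sequence number and status bits are all checked before the payload is passed up to the authentication service.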
- Step S202: After the initialization, the smart card authentication service module sends an authentication request to the network side and the terminal device through the SCReader drive module.
- The subscriber selects an information acquisition command through the subscriber interface module; the subscriber interface module sends the information acquisition command to the smart card authentication service module; the smart card authentication service module sends the information acquisition command to the SCReader drive module through the pcscd service module; the SCReader drive module encapsulates and sends the information acquisition command to the terminal device through the virtual serial port drive module; after receiving the information acquisition command, the terminal device sends the IMSI of the smart card to the SCReader drive module through the virtual serial port drive module; and the SCReader drive module sends the IMSI to the smart card authentication service module through the pcscd service module and stores the IMSI.
- The subscriber selects an authentication request function through the subscriber interface module; the subscriber interface module sends the authentication request to the smart card authentication service module; the smart card authentication service module generates a random number by a random number algorithm according to data transmission protocols of different smart cards, and sends the random number and the authentication request to the SCReader drive module through the pcscd service module; the SCReader drive module encapsulates and sends the random number and the authentication request to the terminal device through the virtual serial port drive module; the terminal device performs the authentication operation according to the random number and returns the operation result to the SCReader drive module; and the SCReader drive module sends the operation result to the smart card authentication service module, wherein the operation result includes the CK and the SRES.
- The smart card authentication service module sends the random number, the IMSI and the authentication request to the network server at the network side; the authentication request can be either synchronously sent with the authentication request sent to the terminal device, or sent separately, which is determined by the subscriber according to different requirements; the network server, after receiving the random number and the IMSI, determines the type of the smart card according to the IMSI, then performs the corresponding authentication operation and returns the operation result to the smart card authentication service module.
- Step S203: The smart card authentication service module judges whether the operation results received from the network side and the terminal device are identical to each other; if yes, step S204 is executed; otherwise, step S205 is executed.
- Step S204: If the operation results are identical, the authentication of the smart card is passed, the results are returned to the subscriber interface module, and the flow is ended.
- Step S205: If the operation results are different, the authentication of the smart card has failed, the results are returned to the subscriber interface module, and the flow is ended.
- What is described above are only preferred embodiments of the disclosure, and the scope of protection of the disclosure is not limited herein; any modifications, equivalent replacements, improvements and the like within the spirit and principle of the disclosure shall fall within the scope of protection of the disclosure.
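Steps S202 to S205 can be sketched as the following comparison of the card-side and network-side results. This is an added example, not code from the patent: HMAC-SHA256 stands in for the real card algorithm, and the IMSI, key, field sizes and function names are all constructed assumptions.

```python
import hashlib
import hmac
import secrets

SRES_LEN, CK_LEN, RAND_LEN = 4, 16, 16  # field sizes assumed for this example

# Constructed subscriber data for the demo.
IMSI = "001010123456789"
KI = bytes.fromhex("00112233445566778899aabbccddeeff")


def run_algorithm(ki, rand):
    """Stand-in for the card/network algorithm. HMAC-SHA256 is used only so the
    example runs; it is not the algorithm a real SIM or USIM implements."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return {"SRES": digest[:SRES_LEN], "CK": digest[SRES_LEN:SRES_LEN + CK_LEN]}


def make_card(ki):
    """Terminal-device side: the card computes the result from its own key."""
    return lambda rand: run_algorithm(ki, rand)


def make_network(subscribers):
    """Network-server side: look up the key by IMSI, then run the algorithm."""
    def network(imsi, rand):
        ki = subscribers.get(imsi)
        return run_algorithm(ki, rand) if ki is not None else None
    return network


def results_match(card_result, net_result):
    """Step S203: compare both results; malformed input counts as a mismatch."""
    ok = True
    for name, size in (("SRES", SRES_LEN), ("CK", CK_LEN)):
        a = (card_result or {}).get(name)
        b = (net_result or {}).get(name)
        if not (isinstance(a, bytes) and isinstance(b, bytes)
                and len(a) == len(b) == size):
            return False
        # compare_digest does not reveal where the first differing byte is
        ok &= hmac.compare_digest(a, b)
    return ok


def authenticate(imsi, card, network):
    """Steps S202 to S205 with a fresh, unpredictable random number per attempt."""
    rand = secrets.token_bytes(RAND_LEN)
    matched = results_match(card(rand), network(imsi, rand))
    return "passed" if matched else "failed"


if __name__ == "__main__":
    net = make_network({IMSI: KI})
    print("genuine card:", authenticate(IMSI, make_card(KI), net))
    print("wrong key:   ", authenticate(IMSI, make_card(bytes(16)), net))
    stale = run_algorithm(KI, bytes(RAND_LEN))  # result recorded for an old challenge
    print("stale result:", authenticate(IMSI, lambda rand: stale, net))
```

Because the random number is drawn from a CSPRNG for every attempt, a result recorded for an earlier challenge does not match the network's answer to the new one, and a missing or truncated result fails closed.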
Claims (13)
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201010116363.3 | 2010-02-10 | ||
CN201010116363 | 2010-02-10 | ||
CN201010116363.3A CN101800987B (en) | 2010-02-10 | 2010-02-10 | Intelligent card authentication device and method |
PCT/CN2010/072524 WO2011097843A1 (en) | 2010-02-10 | 2010-05-07 | Smart card authentication device and method |
Publications (2)
Publication Number | Publication Date |
---|---|
US20120266212A1 (en) | 2012-10-18 |
US9491166B2 (en) | 2016-11-08 |
Family
ID=42596420
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US13/258,346 Expired - Fee Related US9491166B2 (en) | 2010-02-10 | 2010-05-07 | Apparatus and method for authenticating smart card |
Country Status (4)
Country | Link |
---|---|
US (1) | US9491166B2 (en) |
EP (1) | EP2509351A4 (en) |
CN (1) | CN101800987B (en) |
WO (1) | WO2011097843A1 (en) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140331056A1 (en) * | 2012-08-30 | 2014-11-06 | Sony Corporation | Information processing apparatus, information processing system, information processing method, and program |
US20160314469A1 (en) * | 2013-12-31 | 2016-10-27 | Feitian Technologies Co., Ltd. | Method for generating off-line authentication credentials by intelligent card |
US10097534B2 (en) * | 2015-08-28 | 2018-10-09 | Dell Products L.P. | System and method to redirect hardware secure USB storage devices in high latency VDI environments |
US20180307643A1 (en) * | 2015-12-31 | 2018-10-25 | Huawei Technologies Co., Ltd. | Smart interface card control method and apparatus |
US20190245848A1 (en) * | 2018-02-08 | 2019-08-08 | Citrix Systems, Inc. | Fast Smart Card Login |
CN113179163A (en) * | 2021-04-25 | 2021-07-27 | 郑州信大捷安信息技术股份有限公司 | Intelligent card information remote reading method and system |
CN113805514A (en) * | 2021-09-17 | 2021-12-17 | 北京京航计算通讯研究所 | Serial port control instruction processing method based on FPGA (field programmable Gate array), upper computer and lower computer |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106375997A (en) * | 2016-08-22 | 2017-02-01 | 努比亚技术有限公司 | Terminal control device, method and terminal |
Citations (19)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6230002B1 (en) * | 1997-11-19 | 2001-05-08 | Telefonaktiebolaget L M Ericsson (Publ) | Method, and associated apparatus, for selectively permitting access by a mobile terminal to a packet data network |
US20010048025A1 (en) * | 1998-05-11 | 2001-12-06 | Philip C. Shinn | System and method of biometric smart card user authentication |
US20030004876A1 (en) * | 2001-06-29 | 2003-01-02 | David Jacobson | Mobile terminal incorporated with a credit card |
US6862583B1 (en) * | 1999-10-04 | 2005-03-01 | Canon Kabushiki Kaisha | Authenticated secure printing |
US20050177515A1 (en) * | 2004-02-06 | 2005-08-11 | Tatara Systems, Inc. | Wi-Fi service delivery platform for retail service providers |
US20060265340A1 (en) * | 2005-05-19 | 2006-11-23 | M-System Flash Disk Pioneers Ltd. | Transaction authentication by a token, contingent on personal presence |
US20080072303A1 (en) * | 2006-09-14 | 2008-03-20 | Schlumberger Technology Corporation | Method and system for one time password based authentication and integrated remote access |
US7481363B2 (en) * | 2002-08-09 | 2009-01-27 | Brite Smart Llc | Smartcard authentication and authorization unit attachable to a PDA, computer, cell phone, or the like |
US20090193514A1 (en) * | 2008-01-25 | 2009-07-30 | Research In Motion Limited | Method, system and mobile device employing enhanced user authentication |
US20090235037A1 (en) * | 2006-11-07 | 2009-09-17 | Oberthur Technologies | Method and device for customizing a portable electronic entity |
US20090321519A1 (en) * | 2006-03-29 | 2009-12-31 | STMicroelectronics, Inc. (a corporation of the State of Delaware) | System and method for sensing biometric and non-biometric smart card devices |
US20100076879A1 (en) * | 2007-04-04 | 2010-03-25 | Zte Usa Inc. | System and method of providing services via peer-to-peer-based next generation network |
US20100138666A1 (en) * | 2008-12-01 | 2010-06-03 | Neil Patrick Adams | Simplified multi-factor authentication |
US20110099604A1 (en) * | 2008-06-11 | 2011-04-28 | Zte Corporation | Access control method and system for packet data network, pcrf entity |
US8166524B2 (en) * | 2003-11-07 | 2012-04-24 | Telecom Italia S.P.A. | Method and system for the authentication of a user of a data processing system |
US8172138B2 (en) * | 2006-09-21 | 2012-05-08 | Aser Rich Limited | Device and method for smart card assisted digital content purchase and storage |
US20120144194A1 (en) * | 2009-08-19 | 2012-06-07 | Zte Corporation | Service providing client, wireless terminal and method for implementing binding |
US8332935B2 (en) * | 2005-07-29 | 2012-12-11 | Research In Motion Limited | System and method for encrypted smart card pin entry |
US8595485B2 (en) * | 2009-01-16 | 2013-11-26 | Zte Corporation | Security management method and system for WAPI terminal accessing IMS network |
Family Cites Families (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FI103314B1 (en) * | 1996-09-02 | 1999-05-31 | Nokia Mobile Phones Ltd | Protection procedure in mobile phone systems |
SE9803569L (en) * | 1998-10-19 | 2000-04-20 | Ericsson Telefon Ab L M | Authentication procedure and system |
CN1326167A (en) * | 2000-05-30 | 2001-12-12 | 英业达股份有限公司 | Method for using intelligent card to high-performance computer |
CN1260927C (en) * | 2002-11-26 | 2006-06-21 | 华为技术有限公司 | IP network system for realizing safety verification and method thereof |
US7509487B2 (en) * | 2003-09-29 | 2009-03-24 | Gemalto Inc. | Secure networking using a resource-constrained device |
JP4917036B2 (en) * | 2004-09-23 | 2012-04-18 | ジエマルト・エス・アー | System and method for communicating with a general purpose integrated circuit card in a mobile device using an internet protocol |
CN100452924C (en) * | 2006-01-09 | 2009-01-14 | 中国科学院软件研究所 | Method and apparatus for realizing bidirectional authentication of terminal and network using SIM card |
CN101163003A (en) * | 2006-10-12 | 2008-04-16 | 北京三星通信技术研究有限公司 | System and method for authenticating network for terminal when SIM card use UMTS terminal and UMTS system |
-
2010
- 2010-02-10 CN CN201010116363.3A patent/CN101800987B/en not_active Expired - Fee Related
- 2010-05-07 WO PCT/CN2010/072524 patent/WO2011097843A1/en active Application Filing
- 2010-05-07 US US13/258,346 patent/US9491166B2/en not_active Expired - Fee Related
- 2010-05-07 EP EP10845517.1A patent/EP2509351A4/en not_active Withdrawn
Cited By (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140331056A1 (en) * | 2012-08-30 | 2014-11-06 | Sony Corporation | Information processing apparatus, information processing system, information processing method, and program |
US9882721B2 (en) * | 2012-08-30 | 2018-01-30 | Sony Corporation | Authentication using electronic signature |
US20160314469A1 (en) * | 2013-12-31 | 2016-10-27 | Feitian Technologies Co., Ltd. | Method for generating off-line authentication credentials by intelligent card |
US10097534B2 (en) * | 2015-08-28 | 2018-10-09 | Dell Products L.P. | System and method to redirect hardware secure USB storage devices in high latency VDI environments |
US20180307643A1 (en) * | 2015-12-31 | 2018-10-25 | Huawei Technologies Co., Ltd. | Smart interface card control method and apparatus |
US10515043B2 (en) * | 2015-12-31 | 2019-12-24 | Huawei Technologies Co., Ltd. | Smart interface card control method and apparatus through a virtualized management interface |
US20190245848A1 (en) * | 2018-02-08 | 2019-08-08 | Citrix Systems, Inc. | Fast Smart Card Login |
US10958640B2 (en) * | 2018-02-08 | 2021-03-23 | Citrix Systems, Inc. | Fast smart card login |
US11695757B2 (en) * | 2018-02-08 | 2023-07-04 | Citrix Systems, Inc. | Fast smart card login |
CN113179163A (en) * | 2021-04-25 | 2021-07-27 | 郑州信大捷安信息技术股份有限公司 | Intelligent card information remote reading method and system |
CN113805514A (en) * | 2021-09-17 | 2021-12-17 | 北京京航计算通讯研究所 | Serial port control instruction processing method based on FPGA (field programmable Gate array), upper computer and lower computer |
Also Published As
Publication number | Publication date |
---|---|
CN101800987B (en) | 2014-04-09 |
WO2011097843A1 (en) | 2011-08-18 |
CN101800987A (en) | 2010-08-11 |
EP2509351A4 (en) | 2017-06-21 |
US9491166B2 (en) | 2016-11-08 |
EP2509351A1 (en) | 2012-10-10 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | AS | Assignment | Owner name: ZTE CORPORATION, CHINA. Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:JIANG, JIEWEI;REEL/FRAME:028693/0039. Effective date: 20120507 |
 | STCF | Information on status: patent grant | Free format text: PATENTED CASE |
 | FEPP | Fee payment procedure | Free format text: MAINTENANCE FEE REMINDER MAILED (ORIGINAL EVENT CODE: REM.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
 | LAPS | Lapse for failure to pay maintenance fees | Free format text: PATENT EXPIRED FOR FAILURE TO PAY MAINTENANCE FEES (ORIGINAL EVENT CODE: EXP.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
 | STCH | Information on status: patent discontinuation | Free format text: PATENT EXPIRED DUE TO NONPAYMENT OF MAINTENANCE FEES UNDER 37 CFR 1.362 |
 | FP | Lapsed due to failure to pay maintenance fee | Effective date: 20201108 |
 | AS | Assignment | Owner name: PATTINGTON IP LLC, TEXAS. Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:ZTE CORPORATION;REEL/FRAME:060777/0652. Effective date: 20220609 |